tcp: make global challenge ack rate limitation per net-ns and default disabled - linux - Linux Kernel (branches are rebased on master from time to time)

diff options

author	Eric Dumazet <edumazet@google.com>	2022-08-30 11:56:56 -0700
committer	Jakub Kicinski <kuba@kernel.org>	2022-08-31 19:56:48 -0700
commit	79e3602caa6f9d59c4f66a268407080496dae408 (patch)
tree	639b61f605e41a495d774f43c4e3062296bd3836 /net/openvswitch/openvswitch_trace.c
parent	8c70521238b7863c2af607e20bcba20f974c969b (diff)
download	linux-79e3602caa6f9d59c4f66a268407080496dae408.tar.bz2

tcp: make global challenge ack rate limitation per net-ns and default disabled

Because per host rate limiting has been proven problematic (side channel attacks can be based on it), per host rate limiting of challenge acks ideally should be per netns and turned off by default. This is a long due followup of following commits: 083ae308280d ("tcp: enable per-socket rate limiting of all 'challenge acks'") f2b2c582e824 ("tcp: mitigate ACK loops for connections as tcp_sock") 75ff39ccc1bd ("tcp: make challenge acks less predictable") Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Jason Baron <jbaron@akamai.com> Acked-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Diffstat (limited to 'net/openvswitch/openvswitch_trace.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: